CVE-2023-1170: patch 9.0.1376: accessing invalid memory with put in Visual block mode · vim/vim@1c73b65

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.

@@ -1928,7 +1928,7 @@ do_put( ptr += yanklen;
// insert block’s trailing spaces only if there’s text behind if ((j < count - 1 || !shortline) && spaces) if ((j < count - 1 || !shortline) && spaces > 0) { vim_memset(ptr, ' ', (size_t)spaces); ptr += spaces; @@ -2284,6 +2284,15 @@ do_put( msgmore(nr_lines); curwin->w_set_curswant = TRUE;
// Make sure the cursor is not after the NUL. int len = (int)STRLEN(ml_get_curline()); if (curwin->w_cursor.col > len) { if (cur_ve_flags == VE_ALL) curwin->w_cursor.coladd = curwin->w_cursor.col - len; curwin->w_cursor.col = len; }
end: if (cmdmod.cmod_flags & CMOD_LOCKMARKS) {
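
Review bot: The comment above the `spaces > 0` test in the `@@ -1928,7 +1928,7 @@` hunk still speaks only of "text behind" and does not say that `spaces` can be negative at this point. Without the guard a negative value is cast by `(size_t)spaces` into a very large length for `vim_memset`, and `ptr += spaces` moves the write pointer backwards, so the comment should state that case. Consider also clamping `spaces` where it is computed, so that any other use of the value is covered rather than only this one.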
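
Review bot: The cursor clamp in the `@@ -2284,6 +2284,15 @@` hunk sits directly above the `end:` label, so any path in `do_put()` that jumps to `end:` skips it. Confirm that those paths cannot leave `curwin->w_cursor.col` past the NUL, or move the check below the label. A regression test that puts in Visual block mode and then checks the cursor column would keep this from resurfacing.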

Related news

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Ubuntu Security Notice USN-5963-1

Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.
